What personal data is, types of personal data collected, purposes for which this data is collected, how data is processed and your rights in this regard.
What is personal data?
Personal data is any information relating to an identified or identifiable person, for example your contact information and your clinical data.
General principles for personal data processing
The following principles are adhered to when processing your personal data:
1. Personal data is only collected for specified, explicit and legitimate purposes
2. Personal data beyond what is necessary to accomplish those purposes is not collected
3. Personal data is not used for purposes other than that for which the data was collected, except as stated herein, or with prior consent
4. Personal data will not be shared with third parties, except as stated herein, or with prior consent
5. We will try our best to ensure that information is up to date by encouraging you to verify your personal data periodically
6. We will have appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access and against all other unlawful forms of processing
7. Except when stated herein, we will not store personal data longer than is necessary to accomplish the purpose for which the data were collected or for which they are further processed, or as is required by law
Personal data we collect and process
We may collect and process the following data about you:
· Any data you give us. You may give us information about you by filling in forms on our site http://drdeekhaira.com (our site), or through questionnaires we may require you to complete, or any correspondence with us by phone, email or otherwise. This includes information you request or receive regarding psychological therapy through our site and participation in social media functions on our site. The information you give us may include your name, address, email address and phone number, financial and credit card information, personal description and medical history.
· Data we collect about you. With regard to each of your visits to our site we may automatically collect the following data:
· Data we receive from other sources. We may receive data about you from third parties we work closely with (including - without limitation - medical practitioners, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers).
How we use your personal data
We use data held about you in the following ways:
· Data you give to us. We will use this data:
1. To carry out our obligations arising from any contracts entered into between you and us relating to psychological therapy, and to provide you with the information and services that you request from us
2. To provide you with information about other services we offer or recommend that are similar to those that you have already received or enquired about
3. To provide you with information about goods or services we feel may interest you. If you are an existing client, we will only contact you by electronic means (email or SMS) with information about services similar to those you have previously received or enquired about
4. To notify you about changes to our services
5. To ensure that content from our site is presented in the most effective manner for you and for your computer and/or mobile phone device
6. We may also use your data from the questionnaires you complete for audit and service evaluation purposes. This data will be anonymised and no identifiable information will be shared with any external party. This information will be analysed at a group level meaning the data from clients will be combined making it impossible to identify an individual from the data. It will be used to identify general trends of statistics about how we are delivering on successful outcomes. This helps us achieve a good standard of care and highlights areas for improvement.
· Data we collect about you. We will use this data:
1. To improve our site to ensure that content is presented in the most effective manner for you and for your devices
2. To administer our site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes
3. To allow you to participate in any interactive features of our service, when you choose to do so
4. As part of our efforts to keep our site safe and secure
5. To measure or understand the effectiveness of marketing we serve to you and others, and to deliver relevant marketing to you
6. To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them
· Data we receive from other sources. We may combine this data with data you give to us and data we collect about you. We may use this data and the combined data for the purposes set out above.
Where we store and process your personal data
Your personal data is stored and processed within the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details. By submitting your personal data, you agree to this transfer, storing or processing. In case of transfer of your personal data to any third countries, as defined in General Data Protection Regulation (GDPR), applicable legislation and regulations concerning such transfers are observed and relevant legal and security safeguards are ensured before such transfer.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted.
The transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our disclosure of your personal data to third parties
We do not sell your personal data or share this data with third parties, except to the extent stated within this Privacy Policy.
We may disclose your personal data to third parties to the extent required by law, court order or a decision rendered by a competent public authority and for the purpose of law enforcement. In addition, we may share your personal data with the following third parties:
1. Medical or psychological therapy practitioners for the purposes of furthering a contract between us and you for the provision of psychological therapy.
2. Third party vendors carrying out services on our behalf, including billing, sales, marketing, IT support, advertising, analytics, research, customer service, data storage, validation, security, fraud prevention, payment processing, and legal services. Such third-party vendors have access to perform these services but are prohibited from using your personal data for other purposes.
3. Third parties in order to establish, exercise or defend legal rights of Dr Dee Khaira.
4. Third parties in the event of any merger, sale, joint venture, assignment, transfer or other disposition of all or any portion Dr Dee Khaira's assets or stock (including without limitation in connection with any bankruptcy or similar proceedings).
5. Other third parties subject to your consent.
When we disclose your personal data to a third party, we take all reasonable steps to ensure that those third parties are bound by confidentiality and privacy obligations with respect to the protection of your personal data. The disclosure is conducted in compliance with legal requirements, including entering into data processing agreements with the relevant third parties, to ensure that personal data is only processed in accordance with our instructions, applicable law and regulations and for the purpose specified by us and to ensure adequate security measures.
Retention of your personal data
We keep your information for no longer than necessary for the purposes for which it is collected. The length of time for which we retain information varies on the purposes for which we collected and use it.
Personal data related to our services is kept and processed for a period of five (5) years from the last date of service, unless such data is legitimately processed for other purposes, such as providing you with personal benefits or customised direct marketing upon your consent or for pursuing our legal claims, where maintaining such information is considered necessary.
Personal data related to our provision of any direct marketing to you is kept and processed for a period of three (3) years from the date you last have been active in opening our marketing communication or otherwise showing interest in such communication.
Relevant personal information will be deleted after expiry of the above-mentioned periods, unless such data legitimately can be kept and processed for other processing purposes which we have legal basis for.
Responsible for processing
Dr Dee Khaira (ICO Registration No ZA813497) is the data controller and is responsible for the processing of your personal data.
YOUR RIGHTS
Access to your personal data and data portability
You have the right to access the personal data concerning you which you have provided to Dr Dee Khaira in a structured, commonly used and machine-readable format and have the right to transmit those data to any third party you should choose to.
Updating and/or deleting your personal data
We encourage you to update your personal data provided to Dr Dee Khaira any time there are changes in your personal data. Your personal data can be deleted from Dr Dee Khaira's servers unless we are entitled or obliged by applicable law and regulations to keep and process such information regardless of withdrawal of your consent. Following your request for deletion of your personal data, these will be deleted from our servers without undue delay; please note it may take a period of up to two (2) months to ensure complete deletion of any information stored in our back-up. You may also contact Dr Dee Khaira to review, update or delete personal data stored about you. For relevant contact details please see below. Please note that prior to accessing and requesting changes to your data, we will need to verify your identity properly.
Right to withdraw your consent
Some of Dr Dee Khaira's processing activities may be based on your consent. In such circumstances you will have the right to withdraw your consent at any time. Withdrawal of your consent will not affect the lawfulness of processing conducted prior to the withdrawal.
If you withdraw your consent, Dr Dee Khaira and third parties involved in personal data processing will cease to process your personal data, unless and to the extent the continued processing or storage is permitted or required according to the applicable personal data legislation or other applicable laws and regulations. Please note that as a consequence of your withdrawal of your consent, Dr Dee Khaira may not be able to meet your requests or provide you with our services.
Right to restriction of processing and right to object
You have the right to restrict processing of your personal data if the personal data is not correct, or if the processing is unlawful, in the event that you oppose erasure of your personal data, if Dr Dee Khaira no longer needs your personal data for the purposes of processing but storing such data is requested by you for the establishment, exercise or defence of legal claims, or if you have objected to processing and verification and a decision about whether Dr Dee Khaira still has legitimate interest in the given personal data is pending. Please see below for relevant contact details.
You have the right to object to processing of your personal data that has been collected and processed for the purposes of legitimate interests pursued by Dr Dee Khaira, for instance when we provide you with relevant therapy materials, make your future bookings easier by remembering your details, or when we conduct analytics and statistics on your use of our services. Please see below for relevant contact details.
Right to complain
If you want to complain about a privacy breach, please contact Dr Dee Khaira by sending your complaint to dee@drdeekhaira.com. We will acknowledge receipt of your complaint within five (5) business days. We will do our best to resolve it as quickly as possible and within one (1) month from the date of complaint. In case a response would require longer than one (1) month, we will let you know and inform you of the relevant reason(s).
If you are not satisfied with the outcome of your complaint or with our handling of your complaint at Dr Dee Khaira, you may refer your complaint to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
MISCELLANEOUS
Third-party websites, plug-ins and services
Website(s) and the app(s) of Dr Dee Khaira may contain links to third party websites and plug-ins, for instance a social media login plug-in. If you choose to use these websites, plug-ins or services you may disclose your information to those third parties. Dr Dee Khaira is not responsible for the content or practices of those websites, plug-ins or services. The collection, use, and disclosure of your personal data will be subject to the privacy policies of these third parties and not this Privacy Policy. We urge you to read the privacy and security policies of the relevant third parties.
Use by children
We request that young people under the age of 16 do not provide any personal data to Dr Dee Khaira. Minors must obtain express consent from parents or legal guardians prior to accessing or providing any personal data. If notified by a parent or guardian, or discovered by other means, that a child under the age of sixteen has provided his or her personal data to Dr Dee Khaira, we will delete the child’s personal data that is in our possession.
Changes to our Privacy Policy
We may modify or update this Privacy Policy when necessary to reflect changes in our products and services, changes in applicable legislation, regulations or practice and to address customer feedback. Accordingly, please review it periodically.
If there are material changes to this Privacy Policy, we will notify you either by posting a notice or by sending you a notification.
Contact details
If you have questions about this Privacy Policy or the processing of your personal data, please contact us at: dee@drdeekhaira.com